2021-02-19 22:29:04 +01:00
|
|
|
{ config, lib, ... }:
|
|
|
|
|
let
|
2022-01-11 16:08:21 +01:00
|
|
|
inherit (lib)
|
|
|
|
|
mkEnableOption
|
|
|
|
|
mkIf
|
|
|
|
|
mkOption
|
2022-03-11 18:14:50 +01:00
|
|
|
optionalAttrs
|
2022-01-11 16:08:21 +01:00
|
|
|
;
|
|
|
|
|
|
2021-02-19 22:29:04 +01:00
|
|
|
cfg = config.my.services.transmission;
|
|
|
|
|
|
|
|
|
|
domain = config.networking.domain;
|
|
|
|
|
webuiDomain = "transmission.${domain}";
|
|
|
|
|
|
|
|
|
|
transmissionRpcPort = 9091;
|
|
|
|
|
transmissionPeerPort = 30251;
|
|
|
|
|
|
|
|
|
|
downloadBase = "/media/torrents/";
|
|
|
|
|
in
|
|
|
|
|
{
|
2022-01-11 16:08:21 +01:00
|
|
|
options.my.services.transmission = let inherit (lib) types; in {
|
2021-02-19 22:29:04 +01:00
|
|
|
enable = mkEnableOption "Transmission torrent client";
|
|
|
|
|
|
|
|
|
|
username = mkOption {
|
|
|
|
|
type = types.str;
|
|
|
|
|
default = "alarsyo";
|
|
|
|
|
example = "username";
|
|
|
|
|
description = "Name of the transmission RPC user";
|
|
|
|
|
};
|
|
|
|
|
|
2022-03-11 18:14:50 +01:00
|
|
|
secretConfigFile = mkOption {
|
|
|
|
|
type = types.nullOr types.path;
|
|
|
|
|
default = null;
|
|
|
|
|
example = "/var/run/secrets/transmission-secrets";
|
|
|
|
|
description = "Path to secrets file to append to configuration";
|
2021-02-19 22:29:04 +01:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2022-01-11 16:08:21 +01:00
|
|
|
config = mkIf cfg.enable {
|
2021-02-19 22:29:04 +01:00
|
|
|
services.transmission = {
|
|
|
|
|
enable = true;
|
|
|
|
|
group = "media";
|
|
|
|
|
|
|
|
|
|
settings = {
|
|
|
|
|
download-dir = "${downloadBase}/complete";
|
|
|
|
|
incomplete-dir = "${downloadBase}/incomplete";
|
|
|
|
|
|
|
|
|
|
peer-port = transmissionPeerPort;
|
|
|
|
|
|
|
|
|
|
rpc-enabled = true;
|
|
|
|
|
rpc-port = transmissionRpcPort;
|
2022-03-20 23:01:32 +01:00
|
|
|
rpc-authentication-required = false;
|
2021-02-19 22:29:04 +01:00
|
|
|
|
|
|
|
|
rpc-whitelist-enabled = true;
|
|
|
|
|
rpc-whitelist = "127.0.0.1";
|
2022-03-20 23:01:32 +01:00
|
|
|
|
|
|
|
|
rpc-host-whitelist-enabled = true;
|
|
|
|
|
rpc-host-whitelist = webuiDomain;
|
2021-02-19 22:29:04 +01:00
|
|
|
};
|
2021-06-03 00:33:52 +02:00
|
|
|
|
|
|
|
|
# automatically allow transmission.settings.peer-port
|
|
|
|
|
openFirewall = true;
|
2022-03-11 18:14:50 +01:00
|
|
|
} // (optionalAttrs (cfg.secretConfigFile != null) {
|
|
|
|
|
credentialsFile = cfg.secretConfigFile;
|
|
|
|
|
});
|
2021-02-19 22:29:04 +01:00
|
|
|
|
|
|
|
|
services.nginx.virtualHosts."${webuiDomain}" = {
|
|
|
|
|
forceSSL = true;
|
2021-07-13 00:57:33 +02:00
|
|
|
useACMEHost = domain;
|
2021-02-19 22:29:04 +01:00
|
|
|
|
|
|
|
|
locations."/".proxyPass = "http://127.0.0.1:${toString transmissionRpcPort}";
|
2022-03-20 23:01:32 +01:00
|
|
|
|
|
|
|
|
listen = [
|
|
|
|
|
# FIXME: hardcoded tailscale IP
|
|
|
|
|
{
|
|
|
|
|
addr = "100.80.61.67";
|
|
|
|
|
port = 443;
|
|
|
|
|
ssl = true;
|
|
|
|
|
}
|
|
|
|
|
{
|
|
|
|
|
addr = "100.80.61.67";
|
|
|
|
|
port = 80;
|
|
|
|
|
ssl = false;
|
|
|
|
|
}
|
|
|
|
|
];
|
2021-02-19 22:29:04 +01:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
